Sign-up

ID

VAR-201802-0447


CVE

CVE-2017-17201


TITLE

Huawei Vulnerability related to input validation in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-012678

DESCRIPTION

Some huawei smartphones with software BTV-DL09C233B350, Berlin-L21HNC432B360, Berlin-L22HNC636B360, Berlin-L24HNC567B360, Berlin-L21C10B130, Berlin-L21C185B132, Berlin-L21C464B130, Berlin-L22C346B140, Berlin-L22C636B160, Berlin-L23C605B131, Berlin-L23DOMC109B160, MHA-AL00AC00B125 have a DoS vulnerability. Due to insufficient input validation, an attacker could trick a user to execute a malicious application, which could be exploited by attacker to launch DoS attacks. Huawei Smartphone software contains a vulnerability related to input validation.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiBTV-EMUI5.0, Berlin-EMUI5.0, Berlin-L system and other products of China's Huawei company. A denial of service vulnerability exists in several Huawei products because the device failed to adequately verify user input. Huawei BTV-EMUI5.0, etc. Huawei BTV-EMUI5.0 is a smart tablet product. MHA-AL00A is a smart phone product. The vulnerability is caused by the program's insufficient implementation of input validation. The following products and versions are affected: Huawei BTV-EMUI5.0 BTV-DL09C233B350 version; Berlin-EMUI5.0 Berlin-L21HNC432B360 version, Berlin-L22HNC636B360 version, Berlin-L24HNC567B360 version; Berlin-L21 Berlin-L21C10B130 version, Berlin-L218 version , Berlin-L21C464B130 version; Berlin-L22 Berlin-L22C346B140 version, Berlin-L22C636B160 version; Berlin-L23 Berlin-L23C605B131 version, Berlin-L23DOMC109B160 version; MHA-AL00A MHA-AL00AC00B125 version

Trust: 2.25

sources: NVD: CVE-2017-17201 // JVNDB: JVNDB-2017-012678 // CNVD: CNVD-2018-02548 // VULHUB: VHN-108200

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02548

AFFECTED PRODUCTS

vendor:huaweimodel:berlin-l21scope:eqversion:berlin-l21c464b130

Trust: 1.6

vendor:huaweimodel:berlin-l21scope:eqversion:berlin-l21c185b132

Trust: 1.6

vendor:huaweimodel:berlin-l23scope:eqversion:berlin-l23domc109b160

Trust: 1.6

vendor:huaweimodel:berlin-emui5.0scope:eqversion:berlin-l22hnc636b360

Trust: 1.6

vendor:huaweimodel:berlin-l22scope:eqversion:berlin-l22c636b160

Trust: 1.6

vendor:huaweimodel:berlin-l23scope:eqversion:berlin-l23c605b131

Trust: 1.6

vendor:huaweimodel:mha-al00ascope:eqversion:mha-al00ac00b125

Trust: 1.6

vendor:huaweimodel:berlin-l21scope:eqversion:berlin-l21c10b130

Trust: 1.6

vendor:huaweimodel:berlin-l22scope:eqversion:berlin-l22c346b140

Trust: 1.6

vendor:huaweimodel:berlin-emui5.0scope:eqversion:berlin-l24hnc567b360

Trust: 1.6

vendor:huaweimodel:berlin-emui5.0scope:eqversion:berlin-l21hnc432b360

Trust: 1.0

vendor:huaweimodel:btv-emui5.0scope:eqversion:btv-dl09c233b350

Trust: 1.0

vendor:huaweimodel:berlin-emui5.0scope: - version: -

Trust: 0.8

vendor:huaweimodel:berlin-l21scope: - version: -

Trust: 0.8

vendor:huaweimodel:berlin-l22scope: - version: -

Trust: 0.8

vendor:huaweimodel:berlin-l23scope: - version: -

Trust: 0.8

vendor:huaweimodel:btv-emui5.0scope: - version: -

Trust: 0.8

vendor:huaweimodel:mha-al00ascope: - version: -

Trust: 0.8

vendor:huaweimodel:berlin-l21 berlin-l21c10b130scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l22 berlin-l22c636b160scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l23 berlin-l23c605b131scope: - version: -

Trust: 0.6

vendor:huaweimodel:mha-al00a mha-al00ac00b125scope: - version: -

Trust: 0.6

vendor:huaweimodel:btv-emui5.0 btv-dl09c233b350scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-emui5.0 berlin-l21hnc432b360scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-emui5.0 berlin-l22hnc636b360scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-emui5.0 berlin-l24hnc567b360scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l21 berlin-l21c185b132scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l21 berlin-l21c464b130scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l22 berlin-l22c346b140scope: - version: -

Trust: 0.6

vendor:huaweimodel:berlin-l23 berlin-l23domc109b160scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-02548 // JVNDB: JVNDB-2017-012678 // CNNVD: CNNVD-201712-945 // NVD: CVE-2017-17201

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17201
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17201
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-02548
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-945
value: MEDIUM

Trust: 0.6

VULHUB: VHN-108200
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17201
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-02548
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108200
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17201
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02548 // VULHUB: VHN-108200 // JVNDB: JVNDB-2017-012678 // CNNVD: CNNVD-201712-945 // NVD: CVE-2017-17201

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-108200 // JVNDB: JVNDB-2017-012678 // NVD: CVE-2017-17201

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-945

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201712-945

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012678

PATCH
title:huawei-sa-20180124-01-dosurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-dos-en
Trust: 0.8
title:Patches for various Huawei Product Denial of Service Vulnerabilities (CNVD-2018-02548)url:https://www.cnvd.org.cn/patchInfo/show/115285
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-02548 // 
            
            
            
            JVNDB: JVNDB-2017-012678

EXTERNAL IDS
db:NVDid:CVE-2017-17201
Trust: 3.1
db:JVNDBid:JVNDB-2017-012678
Trust: 0.8
db:CNNVDid:CNNVD-201712-945
Trust: 0.7
db:CNVDid:CNVD-2018-02548
Trust: 0.6
db:VULHUBid:VHN-108200
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-02548 // 
            
            
            
            VULHUB: VHN-108200 // 
            
            
            
            JVNDB: JVNDB-2017-012678 // 
            
            
            
            CNNVD: CNNVD-201712-945 // 
            
            
            
            NVD: CVE-2017-17201

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-dos-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17201
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17201
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180124-01-dos-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-02548 // 
            
            
            
            VULHUB: VHN-108200 // 
            
            
            
            JVNDB: JVNDB-2017-012678 // 
            
            
            
            CNNVD: CNNVD-201712-945 // 
            
            
            
            NVD: CVE-2017-17201

SOURCES
db:CNVDid:CNVD-2018-02548
db:VULHUBid:VHN-108200
db:JVNDBid:JVNDB-2017-012678
db:CNNVDid:CNNVD-201712-945
db:NVDid:CVE-2017-17201

LAST UPDATE DATE
2024-11-23T23:05:14.783000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-02548date:2018-02-01T00:00:00
db:VULHUBid:VHN-108200date:2018-03-14T00:00:00
db:JVNDBid:JVNDB-2017-012678date:2018-04-04T00:00:00
db:CNNVDid:CNNVD-201712-945date:2018-02-22T00:00:00
db:NVDid:CVE-2017-17201date:2024-11-21T03:17:40.330

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-02548date:2018-02-01T00:00:00
db:VULHUBid:VHN-108200date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2017-012678date:2018-04-04T00:00:00
db:CNNVDid:CNNVD-201712-945date:2017-12-27T00:00:00
db:NVDid:CVE-2017-17201date:2018-02-15T16:29:02.627